User Manual

Connect Device - On-Premise Gateway Security
A6V11852371_en_h
4 Connect Device - On-Premise Gateway Security
Overview
Connect Device is the edge connectivity device that gathers building data on premises
and securely provisions it to Siemens Digital Services, such as Building
Operator. Connect Device is co-located on the customer IT/OT network on site and
connected to the building automation systems (BACnet/IP, Modbus/IP, or
nHaystack compliant devices). An example of a Connect Device (Connect X300) is
shown below.
Fig. 2: Connect X300
Protective earth
The protective earth connection must be connected on the installation side with the
building grounding system (PE).
(Min. diameter: 2.5 mm² / 14 AWG)
Pluggable Terminal Block for operating voltage DC 24 V =
ON/OFF Switch, OFF when pressing
USB 2.0, 3.0 interfaces (unused)
Serial interface, 9-pin for RS 232, EIA-422, EIA-485 (unused)
Display Port Interface (unused)
Serial interface, 9-pin for RS 232, EIA-422, EIA-485 (unused)
X1P1 = LAN (customer network) Ethernet 10/100/1000 Mbps (with 2 LEDs per port for indicators)
X2P1 = LAN (internet access) Ethernet 10/100/1000 Mbps (with 2 LEDs per port for indicators)
Connect Device is designed according to security hardening principles, with access
kept limited. Listed below are some of the key features that limit unauthorized access
and reduce security vulnerabilities.
Authentication, Access Control & Authorization
Connect Device BIOS is password protected.
Connect Device USB and display ports are restricted to keyboard, display, and
specific Ethernet drivers for 4G LTE dongles; support for memory drives or any
similar devices on USB ports is disabled.
The operating system on the Connect Device is a Linux distribution protected by
encryption keys, and SSH connections are disabled.